CSO US First Look
The day's top cybersecurity news and in-depth coverage
April 28, 2025
Reporting lines: Could separating from IT help CISOs?
CISOs who report to the CFO find that the shift away from IT can improve their ability to translate risk into business terms, communicate more effectively with executives, and avoid conflicts of interest with IT.
SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability
The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.
Proof-of-concept bypass shows weakness in Linux security tools, claims Israeli vendor
Linux security still too reliant on eBPF-based agents, says Armo.
Commvault warns of critical Command Center flaw
The flaw, tracked as CVE-2025-34028, could allow remote attackers to execute arbitrary code without authentication on affected Linux as well as Windows installations.
Darcula phishing toolkit gets AI boost, democratizing cybercrime
Darcula's new AI-integrated phishing toolkit allows criminals to create customized, multi-language phishing kits in minutes — no technical skill required.
Cybercriminals switch up their top initial access vectors of choice
Vulnerability exploitation, including attacks on network edge devices, has leapfrogged phishing to become a key factor in many security breaches, according to Verizon's DBIR.
6 types of risk every organization must manage — and 4 strategies for doing it
From cyberthreats to financial volatility, security leaders must grasp the nuances of risk management to build resilient and successful organizations.
© 2025